apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "freshrss.fullname" . }} labels: {{- include "freshrss.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: {{ toYaml .Values.strategy | indent 4 }} selector: matchLabels: {{- include "freshrss.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "freshrss.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "freshrss.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: {{ .Values.service.port }} protocol: TCP env: - name: TZ value: {{ .Values.freshrss.timezone }} - name: FRESHRSS_ENV value: {{ .Values.freshrss.freshEnv }} {{- if .Values.freshrss.cron.enabled }} - name: CRON_MIN value: {{ .Values.freshrss.cron.cronMin }} {{- end }} {{- if .Values.freshrss.autoInstall.enabled }} - name: FRESHRSS_INSTALL value: |- {{- if .Values.freshrss.autoInstall.apiEnabled }} --api_enabled {{- end }} --language {{ .Values.freshrss.autoInstall.language }} --default_user {{ .Values.freshrss.autoInstall.defaultUser.user }} {{- if ne .Values.freshrss.autoInstall.db.type "sqlite" }} --db-base {{ .Values.freshrss.autoInstall.db.name }} --db-host {{ .Values.freshrss.autoInstall.db.host }} --db-password {{ .Values.freshrss.autoInstall.db.password }} --db-type {{ .Values.freshrss.autoInstall.db.type }} --db-user {{ .Values.freshrss.autoInstall.db.user }} {{- end }} - name: FRESHRSS_USER value: |- {{- with .Values.freshrss.autoInstall.defaultUser }} --email {{ .email }} --password {{ .password }} --user {{ .user }} {{- end }} --language {{ .Values.freshrss.autoInstall.language }} {{- end }} {{- if .Values.freshrss.oidc.enabled }} - name: OIDC_ENABLED value: "1" {{- with .Values.freshrss.oidc }} - name: OIDC_PROVIDER_METADATA_URL value: {{ .providerMetadataUrl }} {{- if .existingClientSecret.name }} - name: OIDC_CLIENT_ID valueFrom: secretKeyRef: name: {{ .existingClientSecret.name }} key: {{ .existingClientSecret.clientIdKey }} - name: OIDC_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ .existingClientSecret.name }} key: {{ .existingClientSecret.clientSecretKey }} - name: OIDC_CLIENT_CRYPTO_KEY valueFrom: secretKeyRef: name: {{ .existingClientSecret.name }} key: {{ .existingClientSecret.clientCryptoKeyKey }} {{- else }} - name: OIDC_CLIENT_ID value: {{ .clientId }} - name: OIDC_CLIENT_SECRET value: {{ .clientSecretKey }} - name: OIDC_CLIENT_CRYPTO_KEY value: {{ .clientCryptoKey }} {{- end }} {{- if .remoteUserClaim }} - name: OIDC_REMOTE_USER_CLAIM value: {{ .remoteUserClaim }} {{- end }} {{- if .scopes }} - name: OIDC_SCOPES value: {{ printf "%s" (join " " .scopes) }} {{- end }} {{- if .xForwardedHeaders }} - name: OIDC_X_FORWARDED_HEADERS value: {{ printf "%s" (join " " .xForwardedHeaders) }} {{- end }} - name: OIDC_SESSION_INACTIVITY_TIMEOUT value: "{{ .session.inactivityTimeout }}" {{- if ge .session.maxDuration 0.0 }} - name: OIDC_SESSION_MAX_DURATION value: "{{ .session.maxDuration }}" {{- end }} {{- if .session.type }} - name: OIDC_SESSION_TYPE value: {{ .session.type }} {{- end }} {{- end }} {{- end }} livenessProbe: httpGet: {{- if .Values.freshrss.oidc.enabled }} path: /i/oidc/ {{- else }} path: /i/ {{- end }} port: http initialDelaySeconds: 30 readinessProbe: httpGet: {{- if .Values.freshrss.oidc.enabled }} path: /i/oidc/ {{- else }} path: /i/ {{- end }} port: http resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - name: freshrss-data mountPath: /var/www/FreshRSS/data volumes: - name: freshrss-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "freshrss.fullname" . }}-pvc{{- end }} {{- else }} emptyDir: {} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}